| Vulnerability Name | Remote Code Execution Vulnerability in Microsoft Visual Studio JSON |
| Severity Rating | HIGH |
| Software Affected | Visual Studio Code |
Overview
A vulnerability has been reported in Microsoft Visual Studio Code which could allow an attacker to execute arbitrary code on the targeted system.
Description
This vulnerability exists in Microsoft Visual Studio Code due to insufficient validation of user-supplied input while opening a malicious "package.json" file. A remote attacker could exploit this vulnerability by running specially crafted malicious code on the targeted system.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current user.
Solution
Apply appropriate patches as mentioned in the Microsoft Security Advisory:
https://portal.msrc.microsoft.com/en-us/security-guidance
Vendor Information
Microsoft
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
References
Microsoft
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
CVE Name
CVE-2020-17023
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Note: Any unusual activity or attack should be reported immediately at incident@cert-in.org.in, cert.ksitm@kerala.gov.in with the relevant logs for analysis and taking further appropriate actions.